Login to the real world with your Facebook account

It seems like every other website we visit today presents us with a “login with a social network” button. We are sometimes presented with a choice, usually between Facebook, Twitter or LinkedIn. But the most common social network encountered is Facebook and the most common scenario where we are offered this option is when we attempt to use a technology-focused service online. This is starting to change and we will start to notice it in a matter of months.

Retailers, financial institutions, and government departments are taking notice. Many are exploring the weaving of social identities into their websites and digital services. Some have already started on the journey while countless others have at least had internal discussions in attempting to understand the implications and risks.

Retailers <3 social

One of analyst firm IDC’s key predictions for 2013 focused on omni-channel retailing. From a technology standpoint, the message was that retailers need to evolve to weave social, location and mobile into the customer buying process. Doing so would enable our retail experience to exist over disparate points in time rather than being forced into the stop-start nature we are accustomed to today.

Gartner, another leading analyst firm stated that “by the end of 2015, 50 per cent of new retail customer identities will be based on social network identities, up from less than 5 per cent today”. Combine this with IDC’s prediction and we arrive at the conclusion that when we shop, whether it be online or in-person, our mobile devices and our social identities will be the key pieces of information retailers use to personalise our shopping experience. Done properly, it will actually improve our experience. Retailers hope this will result in more sales in an industry that is struggling to justify the existence of their bricks-and-mortar presence.

Of all the groups mentioned, retail is the sector that is showing the most interest and moving ahead with projects to integrate social identities into the shopping experience.

Financial institutions and social unlikely 2B BFF

All financial institutions that offer products and services for individuals are in fact retailers. When you browse information on a website or speak to a customer service representative, you are in fact simply a customer prospect. To use sales-speak, you are a potential lead. There is no valid reason for them to know beyond an acceptable level of doubt that you are in fact who you represent yourself to be; if you say your name is John Smith and you are 40 years old, then your experience is tailored based on that information. At least it is, if you are speaking to an actual person. When you browse a website, you are treated as a generic person: customer x.

In a world where most people perform preliminary investigations online, this does not mimic the real-world scenario business processes were built for. It is in these first few minutes that our minds are generally made. Even if we don’t, we are just as quick to dismiss the product or service, which is more damaging. Hence, financial institutions are looking for ways to reduce the drop-off rates. In this case, the omni-channel goals of the retailer apply as well. It is also not the most effective way to determine the people that belong in the addressable market and hence will be more likely to transact with the organisation.

Financial institutions, however, are not as enthusiastic about embedding the use of social identities into their websites. Much of this is due to the mental-barrier caused by the fact that by association, we think of money exchanging hands in the context of all financial institutions and hence all parties involved suddenly become paranoid and security-conscious. This perception will start to shift as soon as financial institutions understand the difference between interactions and transactions when it comes to the use of social identities.

Governments like social as a friend

The UK Government announced in 2012 that they would press ahead with plans to allow third-party identities not managed by them, such as Facebook, to be used as valid credentials for access to government websites. This raised many questions and concerns, the most common being the proliferation of fake identities on social networks and the lack of acceptable vetting processes in place to curb and deactivate them.

The state of Washington in the United States allows residents to register to vote using their Facebook account. Unsurprisingly, there were concerns raised. But the key here is that to complete the process, users need to produce their real driver’s license or state issued ID card number.

There is an agency taking this one step further. New York City’s Department of Information Technology & Telecommunications is implementing a project that will allow residents to access their online services using their Facebook, Twitter, Google or LinkedIn accounts. They are, however, forcing the use of registered NYC.ID identities for selected services. In other words, they are enforcing that certain services require more than one social identity.

Government departments are taking a cautious approach to social identities. It may be surprising or outrageous to some that government departments are exploring the social identity option for controlling access to online services. This is understandable given the sensitive nature of the information government departments hold. Security is important, but so is usability. But as security and usability are natural enemies, the balance is the most challenging part of any social identity integration initiative.

Socially acceptable

The common thread linking the industries mentioned is that the use of social identities on websites and digital services is driven by the need to improve usability, negating the need to register and achieving a higher level of personalisation. But there needs to be a balance between the benefits to both parties in the relationship. The general population must benefit from the experience as much as the retailer, financial institution or government department. Without the right balance, one side of the relationship loses.

Ultimately, context is the key to understanding the appropriate use of social identities. While we may be happy browsing a retailer’s website logged in with our Facebook account for a personalised experience, we are not going to be making the payment with it. Organisations that get the balance right while understanding appropriate use and context can begin their social-enablement journey with their eyes open. As more start to see the benefits that can be gained, we will see our social network accounts as more than just a place to post pictures of our kids and pets.

Ian Yip is the product and business manager for Identity and Security Management across the Asia Pacific region at NetIQ Australia. NetIQ, a business unit of the Attachmate Group, provides identity, access, security and compliance management solutions.

Latest Videos

​Email fraud is nothing new, but online criminals have become ever more-effective at spoofing their identities to trick employees into sending them money. The Australian Centre for Cyber Security (ACSC) recorded losses of over $20M to business email compromise (BEC) attacks last year alone, up 230 percent over the previous year – and the full amount is certain to be much larger.​

No matter how robust your security, or how diligent your employees, network credentials are a free pass for cybercriminals. This is mostly because employees are relied upon for their own password management. And with more than 4.8 billion sets of stolen credentials said to be available online, odds are that at least a few of your employees’ user IDs and passwords are just waiting to be used by unscrupulous outsiders. Are you ready to stop them?

Cyber resilience will be particularly important as Australian organisations face increased pressure to quickly detect, respond to, and manage the repercussions of breaches in the wake of 2018’s Notifiable Data Breaches (NDB) scheme.

Copyright 2018 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.